Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to define a callback for FIPS test failures instead of aborting the process #2162

Merged
merged 13 commits into from
Feb 25, 2025
Merged

Add support to define a callback for FIPS test failures instead of aborting the process #2162

merged 13 commits into from
Feb 25, 2025

Conversation

andrewhop
Copy link
Contributor

@andrewhop andrewhop commented Feb 4, 2025
edited
Loading

Description of changes:

This change adds a new build option AWSLC_FIPS_FAILURE_CALLBACK that then requires applications that use AWS-LC to define the AWS_LC_fips_failure_callback(const char* message) function. If that function is not defined AWS-LC fails to load.

When the callback is defined and a FIPS failure (CAST or PWCT) happens AWS-LC calls that function instead. It is up to the calling application to ensure no further cryptographic operations occur. This is not an approved way to use AWS-LC in FIPS mode, for the approved way to build and use AWS-LC see the latest FIPS security policy.

Testing

This change adds a new gtest application that checks the callback function is called with the expected message and is used with break-kat.go and the runtime PCT environment variables to ensure the callback is passed the expected message.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link

codecov-commenter commented Feb 4, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 48.97959% with 25 lines in your changes missing coverage. Please review.

Project coverage is 79.05%. Comparing base (1ada1e3) to head (408f243).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
crypto/fips_callback_test.cc 47.91% 24 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2162      +/-   ##
==========================================
+ Coverage   79.04%   79.05%   +0.01%     
==========================================
  Files         612      613       +1     
  Lines      106238   106376     +138     
  Branches    15010    15025      +15     
==========================================
+ Hits        83974    84096     +122     
- Misses      21613    21628      +15     
- Partials      651      652       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@andrewhop andrewhop mentioned this pull request Feb 8, 2025
Merged
andrewhop added a commit that referenced this pull request Feb 10, 2025
@andrewhop
Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a mess…
5553a20 
…age (#2182)

### Description of changes: 
In preparation for the callback change in
#2162 this change updates all the
places that could abort to pass a message to a new abort function that
explains why it's about to abort.

### Testing:
The existing test-break-kat.go will ensure all the KATs still fail as
expected and the messages they print match.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
@andrewhop andrewhop force-pushed the fips_callback branch 3 times, most recently from 035dd7d to 0f09484 Compare February 11, 2025 01:41
@andrewhop andrewhop marked this pull request as ready for review February 11, 2025 06:57
@andrewhop andrewhop requested a review from a team as a code owner February 11, 2025 06:57
@andrewhop andrewhop changed the title Add support to define a callback for FIPS test failures before aborting the process Add support to define a callback for FIPS test failures instead of aborting the process Feb 20, 2025
torben-hansen
torben-hansen reviewed Feb 21, 2025
View reviewed changes
@andrewhop
Copy link
Contributor Author

I realized I could simplify the testing and put it all in crypto_test. I had to update some of the self_check values to not conflict, e.g. the self_check was using an all zero key and we had another test that had an all zero key so break-kat.go didn't know which one was the real one.

@andrewhop andrewhop merged commit dc3b44b into aws:main Feb 25, 2025
111 of 113 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darylmartin100 darylmartin100 darylmartin100 left review comments

@skmcgrail skmcgrail skmcgrail approved these changes

@WillChilds-Klein WillChilds-Klein WillChilds-Klein approved these changes

@torben-hansen torben-hansen torben-hansen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@andrewhop @codecov-commenter @skmcgrail @WillChilds-Klein @torben-hansen @darylmartin100